CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

16
CVEs añadidos este mes
1623
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2026-20253 Splunk Enterprise CRÍTICA 2026-06-18
CVE-2026-48907 Widget Factory Joomla Content Editor CRÍTICA 2026-06-16
CVE-2026-54420 LiteSpeed cPanel Plugin ALTA 2026-06-15
CVE-2026-20262 Cisco Catalyst SD-WAN Manager MEDIA 2026-06-15
CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools CRÍTICA 2026-06-12
CVE-2026-10520 Ivanti Sentry CRÍTICA 2026-06-11
CVE-2026-11645 Google Chromium V8 ALTA 2026-06-09
CVE-2026-7473 Arista Extensible Operating System MEDIA 2026-06-09
CVE-2026-20245 Cisco Catalyst SD-WAN Manager ALTA 2026-06-09
CVE-2026-42271 BerriAI LiteLLM ALTA 2026-06-08

// top_vendors_afectados

Microsoft
16
Cisco
9
Apple
6
Ivanti
4
Google
4
Adobe
3
LiteSpeed
2
Oracle
2
BerriAI
2
SolarWinds
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2023-28461 Array Networks AG/vxAG ArrayOS Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an … CRÍTICA 2024-11-25
CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extens… ALTA 2024-11-21
CVE-2024-44309 Apple Multiple Products Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web… MEDIA 2024-11-21
CVE-2024-44308 Apple Multiple Products Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web… ALTA 2024-11-21
CVE-2024-38813 VMware vCenter Server VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attac… ALTA 2024-11-20
CVE-2024-38812 VMware vCenter Server VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol.… CRÍTICA 2024-11-20
CVE-2024-9474 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through t… ALTA 2024-11-18
CVE-2024-0012 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for sev… CRÍTICA 2024-11-18
CVE-2024-1212 Progress Kemp LoadMaster Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker… CRÍTICA 2024-11-18
CVE-2024-9465 Palo Alto Networks Expedition Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal … CRÍTICA 2024-11-14
CVE-2024-9463 Palo Alto Networks Expedition Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to… ALTA 2024-11-14
CVE-2021-26086 Atlassian Jira Server and Data Center Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read part… MEDIA 2024-11-12
CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. T… MEDIA 2024-11-12
CVE-2021-41277 Metabase Metabase Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted d… CRÍTICA 2024-11-12
CVE-2024-43451 Microsoft Windows Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash t… MEDIA 2024-11-12
CVE-2024-49039 Microsoft Windows Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, loc… ALTA 2024-11-12
CVE-2019-16278 Nostromo nhttpd Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd ser… CRÍTICA 2024-11-07
CVE-2024-51567 CyberPersons CyberPanel CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to ex… CRÍTICA 2024-11-07
CVE-2024-43093 Android Framework Android Framework contains an unspecified vulnerability that allows for privilege escalation. ALTA 2024-11-07
CVE-2024-5910 Palo Alto Networks Expedition Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network acce… CRÍTICA 2024-11-07
CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, … CRÍTICA 2024-11-04
CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attac… ALTA 2024-11-04
CVE-2024-37383 Roundcube Webmail RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that al… MEDIA 2024-10-24
CVE-2024-20481 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after … MEDIA 2024-10-24
CVE-2024-47575 Fortinet FortiManager Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthe… CRÍTICA 2024-10-23
← Anterior Página 17 / 65 (1623 CVEs total) Siguiente →
[INFO] CVE-2026-45321: Vulnerabilidad crítica en TanStack permite robo de credenciales mediante paquetes npm maliciosos  ·  [INFO] CVE-2026-0257: Bypass de Autenticación Crítico en Palo Alto Networks PAN-OS Explotado Activamente  ·  [INFO] CVE-2024-21182: Vulnerabilidad Crítica en Oracle WebLogic Server Explotada Activamente  ·  [INFO] CVE-2026-45247: Deserialización en Mirasvit Full Page Cache Warmer permite RCE no autenticado  ·  [INFO] CVE-2025-48595: Desbordamiento de Entero en Android Framework con Escalada de Privilegios Local  ·  [INFO] CVE-2026-45321: Vulnerabilidad crítica en TanStack permite robo de credenciales mediante paquetes npm maliciosos  ·  [INFO] CVE-2026-0257: Bypass de Autenticación Crítico en Palo Alto Networks PAN-OS Explotado Activamente  ·  [INFO] CVE-2024-21182: Vulnerabilidad Crítica en Oracle WebLogic Server Explotada Activamente  ·  [INFO] CVE-2026-45247: Deserialización en Mirasvit Full Page Cache Warmer permite RCE no autenticado  ·  [INFO] CVE-2025-48595: Desbordamiento de Entero en Android Framework con Escalada de Privilegios Local  ·